[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DNS hardening, was Re: Dan Kaminsky

Subject: DNS hardening, was Re: Dan Kaminsky
From: johnl at iecc.com (John R. Levine)
Date: Wed, 5 Aug 2009 15:07:30 -0400 (EDT)
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]>

>> 5 is 'edns ping', but it was effectively blocked because people
>> thought DNSSEC would be easier to do, or demanded that EDNS PING
>> (http://edns-ping.org) would offer everything that DNSSEC offered.
>
> 	I'm surprised you failed to mention http://dnscurve.org/crypto.html,
> 	which is always brought up, but never seems to solve the problems
> 	mentioned.

dnscurve looks like a swell idea, but I wouldn't put it in the category of 
a hack as straightforward as the ones I listed.  Also, at this point there 
appears to be neither code nor an implementable spec available since Dan 
is still fiddling with it.

Regards,
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.

Follow-Ups:
- DNS hardening, was Re: Dan Kaminsky
  - From: smb at cs.columbia.edu (Steven M. Bellovin)

References:
- Dan Kaminsky
  - From: cmaurand at xyonet.com (Curtis Maurand)
- DNS hardening, was Re: Dan Kaminsky
  - From: johnl at iecc.com (John Levine)
- DNS hardening, was Re: Dan Kaminsky
  - From: bert.hubert at netherlabs.nl (bert hubert)
- DNS hardening, was Re: Dan Kaminsky
  - From: regnauld at catpipe.net (Phil Regnauld)

Prev by Date: DNS hardening, was Re: Dan Kaminsky
Next by Date: DNS hardening, was Re: Dan Kaminsky
Previous by thread: DNS hardening, was Re: Dan Kaminsky
Next by thread: DNS hardening, was Re: Dan Kaminsky
Index(es):
- Date
- Thread